freeRADIUS -> AD Auth

nfischer at hush.com nfischer at hush.com
Mon Aug 18 17:53:28 CEST 2014 

Hi,
after I fully crashed my freeRADIUS Server I have to ask again:

It still fails with:
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file
/etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: hausmeister at OBLAN
[mschap] Told to do MS-CHAPv2 for hausmeister at OBLAN with NT-Password
[mschap]        expand: %{Stripped-User-Name} -> hausmeister
[mschap]        expand:
--username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} ->
--username=hausmeister
[mschap] Creating challenge hash with username: hausmeister at OBLAN
[mschap]        expand: %{mschap:Challenge} -> 01b99ad5745936be
[mschap]        expand: --challenge=%{%{mschap:Challenge}:-00} ->
--challenge=01b99ad5745936be
[mschap]        expand: %{mschap:NT-Response} ->
cfebe53922a2a18a8e0f423e8562a651148d2b18cd4fbc3e
[mschap]        expand: --nt-response=%{%{mschap:NT-Response}:-00} ->
--nt-

response=cfebe53922a2a18a8e0f423e8562a651148d2b18cd4fbc3e
Exec-Program output: Reading winbind reply failed! (0xc0000001)
Exec-Program-Wait: plaintext: Reading winbind reply failed!
(0xc0000001)
Exec-Program: returned: 1
[mschap] External script failed.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject

so Im not sure why.
I think its because hes not allowed to execute the ntlm or my mschap
is cofigured wrong. (or both)

I checked the users/groups:
sambashare:x:111:haus-meister
winbindd_priv:x:112:freerad
freerad:x:113:freerad
ssl-cert:x:114:freerad

looks fine to me?

So my NTLM_Auth string in the modules/mschap is:
 ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
--challenge=%{%{mschap:Challenge}:-00}
--nt-response=%{%{mschap:NT-Response}:-00}" 

I allso tried a lot of other stuff nothing change.
Hope you can help me again.
-- 
 Mit freundlichem Gruß
 Nicolas Fischer
 email: nfischer at hush.com
 jabber: jagger at jabber.ccc.de
 tel: 01573-0420888
 Skype: jagger64
 TOX: Just ask me :)
 PGP-Key:
 http://keyserver.ubuntu.com/pks/lookup?op=vindex&fingerprint=on&search=0xCF5E6AD15A5B6132
 If you sent me a PGP Crypted Mail I´ll be happy and will give you a
free cookie :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140818/50bf3515/attachment-0001.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: freeradius-log.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140818/50bf3515/attachment-0001.txt>

More information about the Freeradius-Users mailing list